Merge pull request #103 from mkj-is/master

Improve performance of `checkDYLD` method
securing · Oct 14, 2023 · 1bf878f · 1bf878f
2 parents ade6e59 + d6edfde
commit 1bf878f
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 20 deletions.
diff --git a/IOSSecuritySuite/JailbreakChecker.swift b/IOSSecuritySuite/JailbreakChecker.swift
@@ -318,8 +318,8 @@ internal class JailbreakChecker {
     }
 
     private static func checkDYLD() -> CheckResult {
-        
-        let suspiciousLibraries = [
+
+        let suspiciousLibraries: Set<String> = [
             "SubstrateLoader.dylib",
             "SSLKillSwitch2.dylib",
             "SSLKillSwitch.dylib",
@@ -347,18 +347,16 @@ internal class JailbreakChecker {
             "libcycript"
         ]
 
-        for libraryIndex in 0..<_dyld_image_count() {
-
-            // _dyld_get_image_name returns const char * that needs to be casted to Swift String
-            guard let loadedLibrary = String(validatingUTF8: _dyld_get_image_name(libraryIndex)) else { continue }
-
-            for suspiciousLibrary in suspiciousLibraries {
-                if loadedLibrary.lowercased().contains(suspiciousLibrary.lowercased()) {
-                    return (false, "Suspicious library loaded: \(loadedLibrary)")
-                }
+        for index in 0..<_dyld_image_count() {
+
+            let imageName = String(cString: _dyld_get_image_name(index))
+
+            // The fastest case insensitive contains check.
+            for library in suspiciousLibraries where imageName.localizedCaseInsensitiveContains(library) {
+                return (false, "Suspicious library loaded: \(imageName)")
             }
         }
-        
+
         return (true, "")
     }
 

diff --git a/IOSSecuritySuite/ReverseEngineeringToolsChecker.swift b/IOSSecuritySuite/ReverseEngineeringToolsChecker.swift
@@ -58,22 +58,20 @@ internal class ReverseEngineeringToolsChecker {
 
     private static func checkDYLD() -> CheckResult {
 
-        let suspiciousLibraries = [
+        let suspiciousLibraries: Set<String> = [
             "FridaGadget",
             "frida", // Needle injects frida-somerandom.dylib
             "cynject",
             "libcycript"
         ]
 
-        for libraryIndex in 0..<_dyld_image_count() {
+        for index in 0..<_dyld_image_count() {
 
-            // _dyld_get_image_name returns const char * that needs to be casted to Swift String
-            guard let loadedLibrary = String(validatingUTF8: _dyld_get_image_name(libraryIndex)) else { continue }
+            let imageName = String(cString: _dyld_get_image_name(index))
 
-            for suspiciousLibrary in suspiciousLibraries {
-                if loadedLibrary.lowercased().contains(suspiciousLibrary.lowercased()) {
-                    return (false, "Suspicious library loaded: \(loadedLibrary)")
-                }
+            // The fastest case insensitive contains check.
+            for library in suspiciousLibraries where imageName.localizedCaseInsensitiveContains(library) {
+                return (false, "Suspicious library loaded: \(imageName)")
             }
         }